L'affaire Snowden and (Computer) Security

Rules of the Game

Dealing with classified information has a lot of rules associated with it, of course. (The Federation of American Scientists has a nice set of slides on the rules on the web here, and there's another good page here.) There are standards for how it's stored, how it's transmitted, and how -- and where -- it can be used, all based on trying to protect sensitive information according to its level of sensitivity. Those rules are based around some basic assumptions: the fewer people who know the information the better; the better we understand who has had access to information, the more likely we are to be able to protect it; and at any moment, there is some individual responsible for any piece of classified information.

Because of these rules, managing sensitive information is difficult, and things that are difficult are hard. And expensive. So there are tradeoffs between the cost and difficulty of managing the information and the desire to protect it.

So what are these rules?

First of all, you need to try to make sure that the people you make responsible for sensitive information are trustworthy. So you do more and more extensive checks of the background of people who get that responsibility. More on that shortly.

Second, you reduce the number of people who have access to any particular piece of information. There is a lot of information classified TOP SECRET, and even more at lower sensitivity levels. I don't think I've ever seen real numbers, but based on my experience I'd guess that there is ten times as much SECRET information as TOP SECRET, and ten times as much CONFIDENTIAL as there is SECRET.

But that doesn't tell the whole story either, for several reasons. First, classification is "catching" -- documents are classified on a paragraph by paragraph basis. If there's one piece of TOP SECRET in a paragraph, that whole paragraph is classified TOP SECRET, marked by putting a (TS) at the beginning of the paragraph. If there's a paragraph, or part of a paragraph, marked (TS) on a page, the whole page is marked TOP SECRET at the top. If there's a page of TOP SECRET in a document, the whole thing is marked TOP SECRET.

Add to that, no one was ever fired for classifying something too highly. Oh, there are counter-pressures, the biggest one being that something that's highly classified is what is known in the trade as "a pain in the ass" or PITA. But still, it's better to err on the side of caution.

Of course, these two things mean that there's a lot of material out there classified (TS) that isn't particularly sensitive, but it requires a process, with forms and signatures and such, to reduce the classification of a document. (Which, just so you can sound knowledgeable for your friends, is called "downgrading" the document. Preparing a new document with the sensitive stuff removed or blocked out is known as "sanitizing" the document.)

The second major issue, though, is something known as the aggregation problem. Simply put, the problem is this: the more information you have, the more likely you are to be able to deduce something really sensitive from it.

If you're a bad guy, a Black Hat, and you know that a particular person works for the Department of Defense, that's not particularly interesting. There are a lot of people in the DC area who work for the Department of Defense. But if you find out that this same person works at Fort George Meade in Maryland, it becomes more interesting: basically, they're either working at NSA, or the DoD side of the intelligence world the Defense Intelligence Agency, or they're in the Army Band.